doc: Use lowercased keyword names as section titles

8 years ago · 3413793768
parent a52aacb4ea
commit 3413793768
5 changed files with 26 additions and 26 deletions
--- a/doc/userguide/rules/flow-keywords.rst
+++ b/doc/userguide/rules/flow-keywords.rst
@ -1,7 +1,7 @@
 Flow Keywords
 =============

-Flowbits
+flowbits
 ~~~~~~~~

 Flowbits consists of two parts. The first part describes the action it
@ -49,7 +49,7 @@ will be generated.
 It is possible to use flowbits several times in a rule and combine the
 different functions.

-Flow
+flow
 ~~~~

 The flow keyword can be used to match on direction of the flow, so to/from
@ -102,7 +102,7 @@ The determination of *established* depends on the protocol:

  .. image:: flow-keywords/Flow2.png

-Flowint
+flowint
 ~~~~~~~

 For information, read the information on the :doc:`flowint` page.
--- a/doc/userguide/rules/flowint.rst
+++ b/doc/userguide/rules/flowint.rst
@ -1,4 +1,4 @@
-Flowint
+flowint
 =======

 Flowint is a precursor to the Global Variables task we will be adding
--- a/doc/userguide/rules/header-keywords.rst
+++ b/doc/userguide/rules/header-keywords.rst
@ -32,7 +32,7 @@ Example of the ttl keyword in a rule:

    alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL MISC 0 ttl"; :example-rule-emphasis:`ttl:0;` reference:url,support.microsoft.com/default.aspx?scid=kb#-#-EN-US#-#-q138268; reference:url,www.isi.edu/in-notes/rfc1122.txt; classtype:misc-activity; sid:2101321; rev:9;)

-Ipopts
+ipopts
 ^^^^^^

 With the ipopts keyword you can check if a specific ip option is
@ -114,7 +114,7 @@ The named variante of that example would be::

    ip_proto:PIM

-Id
+id
 ^^

 With the id keyword, you can match on a specific IP ID value.  The ID
@ -136,7 +136,7 @@ Example of id in a rule:

    alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DELETED F5 BIG-IP 3DNS TCP Probe 1"; :example-rule-emphasis:`id: 1;` dsize: 24; flags: S,12; content:"\|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\|"; window: 2048; reference:url,www.f5.com/f5products/v9intro/index.html; reference:url,doc.emergingthreats.net/2001609; classtype:misc-activity; sid:2001609; rev:13;)

-Geoip
+geoip
 ^^^^^

 The geoip keyword enables (you) to match on the source, destination or
@ -167,7 +167,7 @@ libgeoip must be compiled in.
 Fragments
 ---------

-Fragbits
+fragbits
 ^^^^^^^^

 With the fragbits keyword, you can check if the fragmentation and
@ -202,7 +202,7 @@ Example of fragbits in a rule:

   alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Invalid non-fragmented packet with fragment offset>0"; :example-rule-emphasis:`fragbits: M;` fragoffset: >0; reference:url,doc.emergingthreats.net/bin/view/Main/2001022; classtype:bad-unknown; sid:2001022; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

-Fragoffset
+fragoffset
 ^^^^^^^^^^

 With the fragoffset keyword you can match on specific decimal values
--- a/doc/userguide/rules/meta.rst
+++ b/doc/userguide/rules/meta.rst
@ -37,7 +37,7 @@ In this example the red, bold-faced part is the msg.
 .. note:: The following characters must be escaped inside the msg:
 	      ``;`` ``\`` ``"``

-Sid (signature id)
+sid (signature ID)
 ------------------

 The keyword sid gives every signature its own id. This id is stated with a number.
@ -56,7 +56,7 @@ Example of sid in a signature:

 In this example the red, bold-faced part is the sid.

-Rev (Revision)
+rev (Revision)
 --------------

 The sid keyword is almost every time accompanied by rev. Rev
@ -79,7 +79,7 @@ Example of rev in a signature:

 In this example the red, bold-faced part is the rev.

-Gid (group id)
+gid (group ID)
 --------------

 The gid keyword can be used to give different groups of signatures
@ -98,7 +98,7 @@ Example of gid in a signature:
 This is an example from the fast.log.
 In the part [1:2008124:2], 1 is the gid (2008124 is the the sid and 2 the rev).

-Classtype
+classtype
 ---------

 The classtype keyword gives information about the classification of
@ -133,7 +133,7 @@ Another example of classtype in a signature:

 In this example the red, bold-faced part is the classtype.

-Reference
+reference
 ---------

 The reference keywords direct to places where information about the
@ -178,7 +178,7 @@ Example of reference in a signature:

 In this example the red, bold-faced part is the action.

-Priority
+priority
 --------

 The priority keyword comes with a mandatory numeric value which can
@ -192,7 +192,7 @@ format of priority is:

  priority:1;

-Metadata
+metadata
 --------

 Suricata ignores the words behind meta data.  Suricata supports this
@ -202,7 +202,7 @@ keyword because it is part of the signature language.  The format is:

  metadata:......;

-Target
+target
 ------

 The target keyword allows the rules writer to specify which side of the
--- a/doc/userguide/rules/payload-keywords.rst
+++ b/doc/userguide/rules/payload-keywords.rst
@ -11,7 +11,7 @@ Payload Keywords
 Payload keywords inspect the content of the payload of a packet or
 stream.

-Content
+content
 -------

 The content keyword is very important in signatures. Between the
@ -99,7 +99,7 @@ generated if the the used version of Firefox is not 3.6.13.
 .. note:: The following characters must be escaped inside the content:
             ``;`` ``\`` ``"``

-Nocase
+nocase
 ------

 If you do not want to make a distinction between uppercase and
@ -120,7 +120,7 @@ Example nocase:

 It has no influence on other contents in the signature.

-Depth
+depth
 -----

 The depth keyword is a absolute content modifier. It comes after the
@ -136,7 +136,7 @@ Example:

 .. image:: payload-keywords/content4.png

-Offset
+offset
 ------

 The offset keyword designates from which byte in the payload will be
@ -157,7 +157,7 @@ third byte till the sixth byte.
 .. image:: payload-keywords/content6.png


-Distance
+distance
 --------

 The keyword distance is a relative content modifier. This means it
@ -188,7 +188,7 @@ possible to attain the same results with other keywords.

 .. image:: payload-keywords/distance3.png

-Within
+within
 ------

 The keyword within is relative to the preceding match. The keyword
@ -214,7 +214,7 @@ payload for a match, use within.

 .. image:: payload-keywords/within_distance2.png

-Isdataat
+isdataat
 --------

 The purpose of the isdataat keyword is to look if there is still data
@ -238,7 +238,7 @@ You can also use the negation (!) before isdataat.

 .. image:: payload-keywords/isdataat1.png

-Dsize
+dsize
 -----

 With the dsize keyword, you can match on the size of the packet
@ -280,7 +280,7 @@ Example of the rpc keyword in a rule:

    alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request yppasswdd"; :example-rule-emphasis:`rpc:100009,*,*;` reference:bugtraq,2763; classtype:rpc-portmap-decode; sid:1296; rev:4;)

-Replace
+replace
 -------

 The replace content modifier can only be used in ips. It adjusts